From 20acd7cf61c5de05b6c3efdaf6a017eab953e20f Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Thu, 23 Jun 2022 09:20:35 -0400
Subject: [PATCH] Debian: Update apparmor profile
see gitlab MR !59
---
debian/apparmor/i2p | 6 ++++++
debian/apparmor/system_i2p | 4 ++++
2 files changed, 10 insertions(+)
diff --git a/debian/apparmor/i2p b/debian/apparmor/i2p
index 147c085741..fb8333fbbc 100644
--- a/debian/apparmor/i2p
+++ b/debian/apparmor/i2p
@@ -18,8 +18,10 @@
# Needed by Java
@{PROC} r,
+ @{PROC}/cgroups r,
owner @{PROC}/[0-9]*/ r,
owner @{PROC}/[0-9]*/cgroup r,
+ owner @{PROC}/[0-9]*/coredump_filter rw,
owner @{PROC}/[0-9]*/mountinfo r,
owner @{PROC}/[0-9]*/status r,
@{PROC}/[0-9]*/net/ipv6_route r,
@@ -60,7 +62,9 @@
/usr/share/java/wrapper*.jar r,
# Dependent packages
+ /usr/share/java/eclipse-jdt-core-*.jar r,
/usr/share/java/libintl.jar r,
+ /usr/share/java/libintl-*.jar r,
/usr/share/java/glassfish-appserv-jstl.jar r,
/usr/share/maven-repo/jstl/jstl/1.2/jstl-1.2.jar r,
/usr/share/java/gnu-getopt.jar r,
@@ -68,7 +72,9 @@
/usr/share/java/jetty9-*.jar r,
/usr/share/java/json-simple.jar r,
/usr/share/java/json-simple-*.jar r,
+ /usr/share/java/jsp-api.jar r,
/usr/share/java/jsp-api-*.jar r,
+ /usr/share/java/servlet-api.jar r,
/usr/share/java/servlet-api-*.jar r,
/usr/share/java/standard.jar r,
/usr/share/java/standard-*.jar r,
diff --git a/debian/apparmor/system_i2p b/debian/apparmor/system_i2p
index 2eabd775b2..ea212217c0 100644
--- a/debian/apparmor/system_i2p
+++ b/debian/apparmor/system_i2p
@@ -5,6 +5,10 @@
profile system_i2p flags=(complain) {
#include <abstractions/i2p>
+ #
+ # Additional rules required when running as a service.
+ #
+
owner /{,lib/live/mount/overlay/}var/lib/i2p/** rwk,
owner /{,lib/live/mount/overlay/}var/lib/i2p/i2p-config/eepsite/cgi-bin rix,
owner /{,lib/live/mount/overlay/}var/log/i2p/* rw,
--
GitLab